Risk management, strategy and analysis from DeloitteCONTENT FROM OUR SPONSORPlease note: The Wall Street Journal News Department was not involved in the creation of the content below.

Text Size

Regular

Medium

Large

Google+

Print

How to Talk About Risk with the Board

When it comes to risks, boards have plenty to worry about. According to the latest CFO Signals™ survey, their list of concerns is extensive—and growing. External worries for boards include economic health in North America and Europe, the effects of slow growth on competition and government regulatory activity. Then, from an internal perspective, there are strong concerns about the loss and/or succession of key managerial and other talent, as well as the execution—more than the quality—of strategy. In fact, more than 60% of boards are worried about poor execution of strategy.¹

Obviously, it is the responsibility of CFOs, along with CROs, to keep boards up-to-date on how their companies are managing these risks—and to a certain extent, to address their concerns. But research from Corporate Board Member and Deloitte LLP, titled Bridging the Gap,² reveals differences between CFOs’ and directors’ perceptions about how much time CFOs actually spend on risk management. As the research suggests, there are ways CFOs can better communicate concerns about risk and, in the process, possibly raise their own profiles.

Where Time Misperceptions Exist

If you ask CFOs, they’ve raised the profile of risk substantially within their companies. In the same CFO Signals survey mentioned above, CFOs say that over the past five years, their companies have taken extensive steps to improve risk awareness, clarify responsibility and plan for risk events.³

Yet, while risk awareness may be up, the Bridging the Gap study—which surveyed nearly 200 board members and CFOs at companies with annual revenue of $500 million or more—found that directors, more often than not, thought CFOs were spending less time on risk management than they really were. Specifically:

Among board directors, 67.7% said CFOs spend less than 25% of their time on risk issues, while slightly more than half (51.8%) of CFOs indicated they spend less than 25% of their time on risk issues.

Just 1.6% of board directors said their CFO spends between 50% and 75% of his or her time on risk issues, compared with 5.4% of CFOs who said they devote that proportion of their time to risk issues.

Less than one-third of directors (30.7%) believe their CFOs spend between 25% and 50% of their time on risk, compared with 42.9% of CFOs who chose that time range.

The gaps between the two groups’ views on how much time CFOs spend on risk management may be caused by differences in how they define risk. When CFOs are working on budgets and challenging business units to improve both on revenues and costs, for example, they may see that work as falling under operational risk management. But directors may not regard that effort as time spent on risk management. Another reason for the disconnect may be the time CFOs spend discussing risk issues in board meetings. If the amount of time the CFO is devoting to risk in those formal, mindshare discussions is relatively brief, that could lead the board to think the CFO is spending less time on risk than may be the case. Or it simply may be different perceptions of what the CFO is doing and what the board is seeing: boards are looking for better transparency, but CFOs may not be communicating as much as they should.

Closing the Gaps*

Whatever the reason, there are certain steps that CFOs and CROs, as well as boards, can take to address such perceived gaps and challenges. For example:

Provide boards the “right” level of information. Some CFOs and CROs struggle to strike a balance between providing the right information to the board and avoiding information overload. From the board’s perspective, information overload involving risk oversight is seen as a serious challenge. What boards need to know are the critical risks—the top 10 risks—not stacks of reports with too much detail. But getting to that can be a challenge. Suggestions might include holding regular quarterly meetings with the board to discuss risk profiles of the business units, based on the likelihood of particular risks as well as the potential impact of each risk. Another tactic is to spend some time each year reviewing the materials provided to the board (including those related to risk) with an eye toward improving quality.

Make clear the migration of risks from high priority to lower priority. To help boards prioritize, it is important to make clear on a risk dashboard which risks have moved from being a high priority to a lower priority—and vice versa—as new risks emerge. To further aid in the ranking, CFOs and CROs should revisit the risks associated with each business unit and evaluate both the mitigation and migration plans for each of the risks identified as important.

Link risk to business strategy. Reviewing risks and mitigation plans in light of an organization’s strategy—and incorporating those views into board discussions— is also important. An organization is executing well when everyone understands the strategy and the rationale that supports the organization’s strategy. Thinking about risk without including the business strategy is thinking about it too narrowly.

Address organizational risk biases. Biases toward risk management can occur within organizations. Understanding what other organizations in the same industry, as well as other industries, are doing with regard to risk management and monitoring is one way to help avoid biased thinking.

Risk-savvy board members. Having at least one board member who really understands the complexities of risk management is beneficial to the makeup of a board. While dashboards and other information filters are important, they do not take the place of a knowledgeable board. In the end, it’s the duty of the board to understand the business and what drives the business, as a first step to understanding its risk profile and conducting risk oversight.

Build strong relationships between CEOs and boards. Finally, the relationship between the board and the CEO is often an important determinant of strong risk oversight practices, particularly, the board’s degree of trust in the CEO to make ethical decisions.

CFOs, in particular, have to establish effective relationships with their boards to both fulfill their fiduciary responsibilities and advance their agendas. Failure to master these relationships can often drain the energy of a CFO and sometimes stymie a career. Little wonder that, according to the first-quarter CFO Signals report, improving relationships is a top priority for surveyed CFOs, with about 45% indicating a focus on improving their relationship with internal stakeholders, including their board.⁴

As CFOs take on stronger strategist and catalyst roles, their ability to work effectively with leaders throughout the organization becomes even more critical. And with the board, the place to start may just be with better communication.

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.

This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.